March 13, 2020 (last updated: May 14, 2020)
The novel coronavirus (COVID-19) has whipped up a media firestorm. Given the level of anxiety and fear that currently exists globally around the lethal coronavirus, aka COVID-19, it is perhaps not surprising that some opportunistic scammers and other cyber criminals are exploiting the crisis.
With advances in technology and easy access to the internet, most of us are already conducting a considerable part of our day working online. Couple this with high levels of concern and uncertainty around COVID-19, and cybercrooks have been hugely successful in taking advantage of the growing fear among the general public to fulfill their dark aims.
People are understandably paranoid, and cyber criminals are hoping to prey on those fears. According to one report [1], victims in the UK have already lost more than $1 million to COVID-19 linked scams.
We have seen similar attacks during other pandemics such as SARS and Ebola, but this time they have taken it to another level. Here are some examples of how they are trying to take your money:
- Using social media, fake websites, and phone calls to sell overpriced face masks, hand soaps, toilet paper, disinfectants, and other commodities which are currently in high demand. If you send them your money, they never actually ship you the products.
- Setting up fake pharmaceutical websites and selling medication which they claim can cure COVID-19 through these fake drug stores. These products do nothing for people who genuinely need medication or are searching for reliable information on COVID-19. Cybercrooks are exploiting the public’s interest to gain more clicks.
Source: https://thehackernews.com/2020/03/covid-19-coronavirus-hacker-malware.html [2]
- Disseminating real-time, accurate information related to COVID-19 in a bid to infect users and spread password-stealing malware. In one instance, they used the live map data provided by the World Health Organization (WHO) to captivate people’s attention, luring them to click on malicious links.
- Circulating emails with fake news and attachments with malicious links which install malware [3].
- Raising concerns about the epidemic and appealing to people to donate money to fake charitable organizations.
- We have seen a huge surge in social engineering attacks. People have reported that they have received calls, texts and emails from fraudsters claiming to be health officials and tricking users into revealing sensitive information.
Source: https://twitter.com/redcrosscanada/status/1239267520214962178 [4]
Various medical, security, and government agencies are appealing to people to stay calm and remain vigilant to these scams. Still, every day the number of victims falling for such scams is increasing at an alarming rate. Over the coming weeks, public health workers, epidemiologists, researchers, nurses and doctors all over the world will be working around the clock to contain the spread of COVID-19. Cyber experts and security researchers will also be doing their part to contain these cyber attacks, but they will need your support to win this battle against the cyber criminals.
- We strongly encourage you to pay close attention to the emails and calls that you receive over the next few weeks.
- Fake pharmaceutical scams are particularly evil due to the risks posed to public health by counterfeit drugs. At the time of writing this blog, there is no vaccine to protect against COVID-19 or medication approved which can treat it. As per one report [5], Interpol made 121 arrests over counterfeit COVID-19 supplies and medication.
- Beware of misinformation and false news circulating on social media and emails. For the most up-to-date information on COVID-19, please visit the WHO [6] website, the Government of Canada [7] website, and the University of Guelph's [8] website. Only use trusted news sources for additional information.
- Check the authenticity of the emails and links. Do not click on links or open attachments in unsolicited email messages.
As ever, awareness is the key. These are difficult times and we are all anxious, but remaining vigilant and remaining calm will help us to get through it. When the frenzy finally passes, let us not forget that all the medical professionals will still be hard at work, diligently laboring to anticipate and prevent the next public health crisis, and security professionals will still be working on avoiding the next big cyberattack.
For Additional Reading:
- COVID-19 has contributed to record breaking cybercriminal activity [9]
- Canadian Anti-Fraud Centre Statement on COVID-19 Fraud [10]
- 71% of Security Pros See Threats Jump Since COVID-19 Outbreak [11]
- Scammers have pocketed $13m in Coronavirus fraud from the US this year [12]
- FBI warns of ongoing COVID-19 scams targeting govt, health care [13]
- https://www.secureworldexpo.com/industry-news/coronavirus-cybercrimes-are-these-the-lowest [14]
- https://cyber.gc.ca/en/guidance/cyber-hygiene-covid-19 [15]
- https://portal.iansresearch.com/content/4615/aae/covid-19-phishing-examples-and-guidance [16]
- https://nakedsecurity.sophos.com/2020/03/19/dirty-little-secret-extortion-email-threatens-to-give-your-family-coronavirus/ [17]
- https://www.bleepingcomputer.com/news/security/researchers-30-000-percent-increase-in-pandemic-related-threats/ [18]
Written by: Satnam S. Deol (Cyber Security Analyst II, Information Security)